[TriLUG] LDAP Question
Michael Alan Dorman
20 Aug 2002 14:53:27 -0400
Tanner Lovelace <email@example.com> writes:
> Yeah, if all your access is through localhost it's probably
> pretty secure. But, if you're only working with one computer,
> why bother using ldap? Why not just use the standard files?
Replication---each box has its own copies of data, for redundancy and
speed. Communication between the servers is done over SSL.
> I found a few. Probably the best one is
> http://www.ofb.net/~jheiss/krbldap/ Both the powerpoint and the
> paper are really good. (Yeah, I know it has a powerpoint, but it
> works real well with crossover office.) I've also got a couple of
> other PDF files I can send you if you want (since I don't remember
> their URLs. :-()
Thanks, but I don't need them right now. The link goes in the
bookmarks file, though.
> Well, that's why I suggested using rpm2cpio which converts an
> rpm to be a standard cpio file which can then be used with
> tools in debian. And, I suggested getting the source from
> redhat because I didn't know if Debian had anything equivalent.
Actually, the last sentence I was referring to was one about, "don't
feel like grovelling through the sources right now." :-)
For a while there I was the Debian/Alpha porter, and have grovelled
through many, many SRPMs, as that was the only place a lot of the
necessary patches existed. rpm2cpio and I got to be very good
> Right now, it seems our biggest problem with the ldap stuff is
> getting the GSSAPI (Kerberos) authentication to work correctly.
> Kerberos is setup and working for logging in, but there's something
> not quite correctly setup with it and ldap (when modifying the ldap
> database, that is). That's not as important, however, since basic
> (non-sasl) authentication to ldap still works.
You're not running into SASL-reentrancy problems are you? Sig11s and
that sort of thing?